Razer Synapse is the software used to customize the buttons and RGB LEDs on Razer peripherals. Widely used by gamers around the world, it is the subject of an easily exploitable security vulnerability. Discovered by @j0nh4t, who detailed the steps on Twitter, it grants administrator privileges on Windows simply by plugging in a keyboard or mouse.
Need local admin and have physical access?
– Plug a Razer mouse (or the dongle)
– Windows Update will download and execute RazerInstaller as SYSTEM
– Abuse elevated Explorer to open Powershell with Shift + Right click
Tried contacting @Razer, but no answers. So here’s a freebie pic.twitter.com/xDkl87RCmz
– jonhat (@j0nh4t) August 21, 2021
Indeed, when you connect a Razer device to a PC, Windows offers to install Razer Synapse and launches the installer with SYSTEM privileges. The installer lets you change the installation folder, which opens a file picker (an Explorer window) running with the same privileges; from there, a Shift + right-click opens a PowerShell window that also runs as SYSTEM. Anyone in front of the machine can therefore execute arbitrary commands with the highest privileges on the computer.
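From a defender's point of view, the chain described above leaves a distinctive trace in process telemetry: an interactive shell running as SYSTEM whose ancestor is the device installer. The following is an added example, not code from the article or from Razer, that runs a toy detection rule over constructed process-creation records (shaped like the fields of Sysmon Event ID 1 or a comparable EDR feed). The PIDs, the parent process of the installer and the account strings are assumptions for illustration; only the process names RazerInstaller, Explorer and PowerShell come from the article.

```python
# Added example (not from the article): detect a SYSTEM shell spawned beneath
# the Razer installer, using constructed process-creation records.
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class ProcEvent:
    pid: int
    ppid: int
    image: str   # executable file name, as logged
    user: str    # account the process runs under


# Interactive shells we do not expect to see running as SYSTEM under an installer.
SHELLS = {"powershell.exe", "pwsh.exe", "cmd.exe"}
INSTALLER = "razerinstaller.exe"      # installer name taken from the article
SYSTEM = "nt authority\\system"       # assumed account string as the sensor logs it


def build_index(events: List[ProcEvent]) -> Dict[int, ProcEvent]:
    """Map pid -> event so the parent chain can be walked."""
    return {e.pid: e for e in events}


def ancestry(event: ProcEvent, index: Dict[int, ProcEvent]) -> List[str]:
    """Image names from the process itself up to the oldest ancestor on record.
    A visited set guards against PID reuse producing a cycle."""
    chain: List[str] = []
    seen = set()
    cur = event
    while cur is not None and cur.pid not in seen:
        seen.add(cur.pid)
        chain.append(cur.image)
        cur = index.get(cur.ppid)
    return chain


def find_suspicious(events: List[ProcEvent]) -> List[dict]:
    """Flag a shell running as SYSTEM that descends from the Razer installer."""
    index = build_index(events)
    hits = []
    for e in events:
        if e.image.lower() not in SHELLS or e.user.lower() != SYSTEM:
            continue
        chain = ancestry(e, index)
        # chain[0] is the shell itself; look for the installer among its ancestors
        if any(img.lower() == INSTALLER for img in chain[1:]):
            hits.append({"pid": e.pid, "user": e.user, "chain": chain})
    return hits


# Constructed sample telemetry (assumed values, not observations from a real host).
SAMPLE_EVENTS = [
    ProcEvent(100, 4,   "svchost.exe",        "NT AUTHORITY\\SYSTEM"),
    ProcEvent(200, 100, "RazerInstaller.exe", "NT AUTHORITY\\SYSTEM"),  # installer run as SYSTEM
    ProcEvent(300, 200, "explorer.exe",       "NT AUTHORITY\\SYSTEM"),  # elevated folder picker
    ProcEvent(400, 300, "powershell.exe",     "NT AUTHORITY\\SYSTEM"),  # shell opened from it
    ProcEvent(500, 4,   "explorer.exe",       "DESKTOP\\alice"),
    ProcEvent(600, 500, "powershell.exe",     "DESKTOP\\alice"),        # ordinary user shell
    ProcEvent(700, 100, "powershell.exe",     "NT AUTHORITY\\SYSTEM"),  # SYSTEM shell, no installer ancestor
]

if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_EVENTS):
        print(f"pid {hit['pid']} as {hit['user']}: " + " <- ".join(hit["chain"]))
```

Only the shell at pid 400 is reported; the user's own PowerShell and the SYSTEM shell with no installer in its lineage are left alone, so the rule keys on the combination of account and ancestry rather than on PowerShell alone. The same logic generalizes to any device co-installer, since the weakness is the elevated installer's UI, not anything specific to Razer.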
There is no need to panic, however: nothing can be done remotely, and you have to be physically present in front of the computer to exploit this bug. Razer has said it is fixing the flaw anyway and will be offering an update soon. @j0nh4t was contacted by the manufacturer and received a reward for reporting the problem.
So remember to install the upcoming Razer Synapse updates if you use the software.